U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Australian Computer Crime and Security Survey 2004

NCJ Number
205693
Date Published
2004
Length
43 pages
Annotation
This report presents 2004 survey results on computer security operations and problems among Australia’s private and public sector organizations.
Abstract
The 2004 Australian Computer Crime and Security Survey was adapted from the CSI/FBI Computer Crime and Security Survey and includes new questions regarding electronic attacks and other forms of computer crime. The report presents an analysis of trends in computer network attack, crime, and computer access misuse in Australia during 2004. The survey covered a broad range of public and private sector industries; the industries with the greatest representation in the 2004 survey included the education sector (18 percent), the State government sector (13 percent), and the manufacturing sector (9 percent). The key findings of the 2004 survey include a 5 percent increase compared with 2003 data in the number of respondents who experienced electronic attacks that compromised confidentiality, integrity, or availability of network of system data. Of these attacks, 88 percent were external and 36 percent were internal. In 2003, 91 percent of these attacks were external. Among the most common forms of electronic attacks were infections from viruses, worms, or trojans, which accounted for 45 percent of total financial losses. Laptop computer theft and abuse or misuse of computer network access or resources were the next most common causes of financial loss. Average annual loss caused by computer crime, electronic attack, or computer access abuse or misuse for 2004 totaled $116,212 per organization, a 20 percent increase over 2003 losses. Fifty percent of reported harmful computer attacks were made by critical national information infrastructure (CNII) organizations. Average losses for these organizations were almost double those for non-CNII organizations. Information technology systems of responding organizations have improved in three areas: (1) use of information security policies, practices, and procedures; (2) use of information security standards or guides; and (3) trained or experienced staff. Despite these improvements, only 5 percent of responding organizations reported they were managing all computer security issues reasonably well. Forty-five percent of respondents reported a need for greater support for computer security issues from senior management. The two factors identified as most implicated in electronic attacks were unprotected software and inadequate staff training and education. The final conclusion indicates that organizations are not doing enough to improve their computer security issues. Tables, figures, references